Privacy Policy - Email Machine

PRINCIPLES OF PERSONAL DATA PROCESSING

Who are we? We are Email Machine s.r.o., ID No.: 03568831, with its registered office at Václavská 2073/20, Nové Město, 120 00 Prague 2, registered in the Commercial Register maintained by the Municipal Court in Prague, file no. C 409739, represented by Michal Finta, managing director (hereinafter referred to as “Email Machine” or “we“).

Why are we establishing these processing principles? Because we care about protecting personal data. In order to process personal data properly, we have adopted these Personal Data Processing Principles, which explain the purpose, reason, method and duration of processing your personal data.

How to contact us with questions? Please send all questions regarding the processing of your Personal Data to dpo@emailmachine.cz.

A FEW BASIC CONCEPTS

To simplify the language of the Terms and Conditions, we need to define several terms that will be used repeatedly in the text:

CCPA	California Consumer Privacy Act of 2018;
EEA	European Economic Area;
GDPR	Regulation (EU) 2016/679 of the European Parliament and of the Council;
Tool	is Email Machine’s online marketing platform, available electronically at https://www.emailmachine.cz/, operated by Email Machine as its sole owner, and provided to Users as a Service;
Commercial communication	usually an e-mail message sent for the purpose of promoting services;
Personal information	any information about the User that can be used to identify them directly or indirectly;
Personal data of the recipient	any information about the Recipient that can be used to directly or indirectly identify them; we process this information for our customer in our capacity as a processor;
Recipient	a natural person to whom the Recipient’s Personal Data relates, most often a customer of the User to whom emails are sent through our Tool;
Service	primarily a software service available as a web marketing platform operated by Email Machine, which consists of the provision of electronic tools for the creation, management, sending and managing communication campaigns, in particular, but not exclusively, for the mass distribution of commercial communications by e-mail, through which the User addresses its subscribers as part of its communication strategy, and further for monitoring and recording the results of communication campaigns, in electronic form via the Internet;
Contract	the contract for the provision of Services as set out in the General Terms and Conditions of Email Machine, which is concluded between us and the registered User, or it may be a contract with individually negotiated terms;
User / users	a natural person to whom Personal Data relates, most often a customer (a person who has signed a Contract with us and a person who has subsequently created a user account with us and is provided with the Service) or a potential customer, or a user of our website who only browses it, or a participant in our online or offline events;
Administrator	entity (in relation to your data, this is us) which, alone or jointly with others, determines the purposes and means of processing Personal Data;
Principles	By this term, we mean these Personal Data Processing Principles, so that we do not have to write it out in full every time.
Processor	we use other entities to, for example, ensure secure data storage or to send you our newsletter. During this cooperation, they may process the Personal Data you have provided to us;
Processing of Personal Data	Simply put, it refers to any handling of Personal Data, whether it be storing, sharing, deleting or modifying it.
Special categories of personal data	More sensitive personal data includes your ethnic origin, sexual orientation, whether you are a member of a trade union, your health status, and your religious beliefs. Genetic and biometric data are also considered a special category of personal data if they are processed for the purpose of uniquely identifying a natural person. We do not process special categories of personal data.

What if a term is not defined? If terms appear in this document that are not specified above, they shall be governed by the interpretation given in the Terms and Conditions.

HOW DO WE PROCESS PERSONAL DATA?

What standards does our Personal Data Processing have? As part of our Personal Data Processing, we will only request the Personal Data that is truly necessary from you. The processing itself is in accordance with legal regulations, in particular GDPR standards. If you entrust us with your data, we undertake to handle it in accordance with the relevant legal regulations that apply to you (GDPR, CCPA, etc.). We provide information about your rights in relation to Personal Data below.

WHAT IS OUR POSITION ON THE PROCESSING OF PERSONAL DATA?

Why can we be both the Controller and the Processor? Since you entrust us with your Personal Data, we become its Controller. At the same time, however, you also provide us with the Personal Data of your Recipients, of which you are the Controller; in this situation, we are only the Processor. Therefore, this Policy must consider both options.

Do these Principles also apply to Recipients? No, they do not. Our Principles apply only to Users, not Recipients.

WHEN ARE WE THE CONTROLLER?

What are our obligations as a Controller? In relation to Users, we are the Controller of Personal Data. You have entrusted us with certain information about yourself (e.g. your name and e-mail address) so that we can register your account, for example. An overview of the Personal Data we process, including the reasons for processing it, can be found below. If anything is unclear, please do not hesitate to contact us at dpo@emailmachine.cz.

What other Processors do we use? In order to provide you with the highest quality Service, we use other entities. We have concluded the necessary agreements with all of them and require the highest possible level of protection and security of Personal Data. All of our processors can be found in Section 8 of this Policy.

WHEN ARE WE THE PROCESSOR?

What are our obligations as a Processor? We provide a Service whose purpose is to send commercial communications or other information to your customers (Recipients). In relation to Recipients, we may be in the position of a Personal Data Processor and we act only in accordance with your instructions. The protection of personal data and the rights and obligations arising therefrom are governed in this case by the Data Processing Agreement (DPA), which is attached to the Terms and Conditions.

What do you need to know as a Recipient? As a Recipient, you must familiarise yourself with the documents on the Processing of Personal Data of our Users who send you commercial communications. We only have limited access to the Recipient’s Personal Data, so please contact the User in question.

Do we engage other sub-processors? We use other entities to provide the Services. If we find ourselves in the position of a Personal Data Processor, we may use other sub-processors in accordance with the Data Processing Agreement (DPA), which is attached to the Terms and Conditions. We and our sub-processors have very limited access to the data you store in the system, i.e. your clients’ data, but we nevertheless ensure that our sub-processors are bound to provide the same level of Personal Data protection as we do.

WHAT PERSONAL DATA DO WE PROCESS ABOUT YOU?

How do we process Personal Data? We process your Personal Data only to the extent necessary to achieve the purpose for which the data was collected, and we comply with technical and organisational security rules when processing it. The process of processing Personal Data is automated, but we do not perform profiling. The specific purposes of data processing and the categories of personal data that we process for each purpose are described in the following section.

→ First and last name and other contact details (especially e-mail, telephone number) and other information that you voluntarily provide in your user interface	→ Name and login to the user account and behaviour in the user account (in particular, data entered by the User in the user account, time of registration, date of last profile update)
→ Billing details and bank details (information necessary for accounting and payment processing)	→ Information that you provide to us in the course of communicating with us (in particular, your questions and answers to your questions, communication with you)
→ Comments you add to our posts on social media (especially Facebook and LinkedIn), as well as the name (nickname) of your profile on these social media sites and information you make publicly available on your profiles.	→ Cookies and IP address, activity data (including information about your device or operating system)

Special categories of Personal Data. We do not process any sensitive Personal Data about you.

IN WHAT CASES DO WE PROCESS PERSONAL DATA AND HOW?

We process your Personal Data when you browse our website, are a User of the Service, or contact us in any other way. We process your Personal Data only for as long as necessary, but the length of time may vary depending on the applicable legal regulations in the place where we provide our Services to you. The information on the length of processing is therefore only indicative.

USERS OF OUR WEBSITE

When you visit our website, we process your Personal Data for the purposes listed in this table.

Why?	What data?	How?	How long?
Website visits. Ensuring the basic functionality of our website, analytics, improving our services and our promotion. You can set your preferences in the cookie bar.	Information about when and how you visit and browse our website may include: your IP address, the date and time you accessed our website, information about your internet browser, operating system, or your behaviour history on the website. If you visit our website via your mobile phone, we may also process data about your phone.	Cookies or other technologies for tracking User behaviour.	The processing time varies depending on the type of cookie and the type of device and/or browser. Some process data only for the duration of the session (visit), while others process data for a longer period.
Sending an enquiry. You can contact us with your questions at any time and we will answer them. You can contact us via the contact form on our website or by e-mail.	First name, surname, e-mail, telephone number, other personal data that you provide to us.	In order to process your enquiry, we process the personal data necessary to do so. Communication takes place by telephone, email or directly on our website. If we call you.	Closed questions are regularly deleted, at the latest 3 years after the question was asked.
Webinar. We organise webinars. We process your personal data that you fill in the webinar registration form.	Email address, first name and surname. You may provide us with certain Personal Data during the webinar. Please note that we may take video recordings or photographs of some of these events.	You can register for the webinar by filling out the form. We will then contact you with further necessary information.	The data is processed for a period of 6 months after the webinar.
Sending commercial communications (direct marketing). You have subscribed to the newsletter. If you no longer wish to receive it, you can unsubscribe in the footer of the email.	First name, surname, telephone number and email address.	We send out a newsletter to inform you about our services and news.	The data is processed for a period of 2 years from the last active viewing of the newsletter, unless you unsubscribe earlier.
Blog, social media, competitions and other promotional events. Please note that any information you post in comments on our blog can be viewed by anyone. We may conduct surveys, hold competitions or other promotional events on our website or via social media.	First and last name, address, date of birth, telephone number, email address, username and similar information	All information, communications or materials provided via social media platforms are also provided in accordance with the personal data processing policies of those platforms.	We will leave your comments on the post for as long as it is published on our profile, unless you ask us to delete your comment from our blog earlier. In the case of competitions, the data will be processed for a period of 2 years after the end of the competition, unless you withdraw your consent earlier.

CUSTOMERS

If you decide to use the Service or want to try it out first, you will need to register. We will process your Personal Data to the extent necessary to provide you with the Service in accordance with the Terms and Conditions.

Why?	What data?	How?	How long?
Website visits. Ensuring the basic functionality of our website, analytics, improving our services and our promotion. You can set your preferences in the cookie bar.	Information about when and how you visit and browse our website may include: your IP address, the date and time you accessed our website, information about your internet browser, operating system, or your behaviour history on the website. If you visit our website via your mobile phone, we may also process data about your phone.	Cookies or other technologies for tracking User behaviour.	The duration of processing varies depending on the type of cookie, device and/or browser. Some process data only for the duration of the session (visit), while others process data for a longer period.
Conclusion of the Agreement. In order to start using the Service to its full extent, you must first conclude an Agreement with us and register.	To conclude the Agreement, we will need your first name, surname, and email address, as well as other information, if applicable.	You provide us with this information when you fill out the registration form questionnaire and create a user account, or during our communication for the purpose of signing the Agreement.	The data is processed for the duration of the Agreement and subsequently for a period of 4 years after the termination of the Agreement.
Tool. We may receive information about how and when you use the Tool. We also process data related to the security of the Tool. When you visit our website or use the Tool, there may be situations where access to a particular address is unauthorised or causes an error (incident).	This information may include, for example, your IP address, the time, date, browser used, and actions you have taken in the Tool, as well as content you have uploaded to the Tool.	We may store the information we collect in log files or other types of files associated with your account and link it to other information we collect about you.	For the duration of the customer’s contractual relationship with us.
User account. If you have entered into a Contract with us, we will create a user account for you. Within the user account, you can grant access to the Service to a predetermined number of persons.	Data provided during registration or in the Agreement, in particular your email address and other contact details (see above). The scope of Personal Data processing may vary depending on which Personal Data you provide in your user account and which features of the Service you use.	You provide us with this information when you create or update your user account.	The data is processed for the duration of the Agreement and subsequently for a period of 4 years after the termination of the Agreement.
Training courses, seminars, webinars, and workshops. We process your personal data that you fill in on the order form and during the event.	Email address, first name and surname. You may provide us with certain Personal Data during the webinar. Please note that we may take video recordings or photographs of some of these events. If you do not wish to be recorded, please contact us before the event or in person at the event venue.	You can register for the webinar by filling out the form. We will then contact you with further necessary information.	The data is processed for the duration of the Agreement and subsequently for a period of 4 years after the termination of the Agreement. Records are processed for a period of 6 months after the webinar or training.
Communication with customer support, requests and complaints. You can send us your enquiry by email, via the website or by telephone.	First name, last name, telephone number, e-mail address, user account.	In order to process enquiries, requests or complaints, we process Personal Data that is necessary for their processing.	Closed queries and complaints are deleted regularly, at the latest 3 years after the query was submitted or the complaint was resolved.
Direct marketing, in particular sending commercial communications. If you use our Service or have subscribed, we will send you a newsletter. If you no longer wish to receive it, you can unsubscribe in the footer of the email.	First name, surname, telephone number and email address.	We send out a newsletter to inform you about our services and news.	The data is processed for a period of 2 years from the last active viewing of the newsletter, unless you unsubscribe earlier.
Blog, social media, competitions and other promotional events. Please note that any information you post in comments on our blog can be viewed by anyone. We may conduct surveys, hold competitions or other promotional events on our website or via social media.	First and last name, address, date of birth, telephone number, email address, username and similar information	All information, communications or materials provided via social media platforms are also provided in accordance with the personal data processing policies of those platforms.	We will leave your comments on the post for as long as it is published on our profile, unless you ask us to delete your comment from our blog earlier. In the case of competitions, the data will be processed for a period of 2 years after the end of the competition, unless you withdraw your consent earlier.
Accounting. We accept remuneration for providing Services and issue you with accounting and tax documents, which we then archive and further process for the purposes of proper accounting and compliance with legal obligations. If you provide us with your credit card details, we do not have access to the complete details. We only know that you are paying by card and that the card details are processed by the recipients of this data, who process the payment for us.	Invoice details – first name, surname, email address, billing address, or other identification of the User and details of performance under the Contract.	After you fill in your payment details in your profile, we will save this information to create an invoice.	We are legally obliged to archive or retain the relevant document; the period depends on what is required by law (3–10 years).
Sending information related to the performance of the Agreement. This will include new features, planned downtime, changes to the Price List, and more. Sometimes you may also receive such an email from our contractual partner – typically, this may be a platform we use to administer training courses or webinars, when we need to send you a notification about the start or progress of such an event.	First name, surname, email address, billing address, or other identification of the User and details of performance under the Contract.	We also process your Personal Data for the purpose of sending you information relating to our contractual relationship. This may include changes to the terms and conditions of service provision or the price list.	The data is processed for the duration of the contractual relationship and subsequently for a period of 4 years after the termination of the Contract.
Compliance with legal obligations. In certain cases, we must process your Personal Data in order to comply with legal obligations.	In particular, this may include the User’s first name, surname, email address, billing information, or other identification details.	In this case, we process your Personal Data in order to comply with applicable legal regulations (fulfilment of legal obligations).	We process your Personal Data for the period specified by the relevant legal regulations.

JOB APPLICANTS

Why?	What data?	How?	How long?
Job vacancies. From time to time, you can find current job vacancies on our website.	This is information that you provide to us in your CV. Name and surname, address, date of birth, telephone number, email address, possibly a link to a social network, information about previous employment, education, interests, skills, certifications.	We will review the documents you have sent us, which contain personal data, and contact you based on their contents.	Based on the consent granted, we may retain the Personal Data of job applicants for a period of 3 years. The reason for this is the possibility that we may have an interesting job offer for you at a later date.

ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA?

What are the reasons for processing Personal Data? We collect and process all Personal Data in a lawful manner. We process Personal Data:

based on your consent (e.g. when you voluntarily subscribe to our newsletter or send us an enquiry),
for the purpose of performing the Contract (so that we can start providing you with Services),
for the purpose of fulfilling a legal obligation (e.g. in the case of supervision by a supervisory authority) and
based on our legitimate interest (e.g. if you are our customer, so that we can inform you about what's new with us).

What if I am not from the EEA? If we provide the Service to you outside the European Economic Area (EEA), the legal grounds for processing Personal Data may differ.

Can children and minors use our service?

When can you start using our Service? Our Service is available to persons aged 16 and over. We do not knowingly process the personal data of children and minors under this age limit. If we discover that we have received personal data from a child without parental or legal consent, we will take appropriate steps to delete this information as quickly as possible.

Who are our processors?

Processors. We only use verified Processors with whom we have a written contract and who provide us with at least the same guarantees as we provide to you. The data that Processors may process, including the purpose and legal basis for processing, is listed above. We use these Processors from the position of Controller, which means that they do not process the data you enter into the system when using the Service.

Website operation	WEDOS, Forpsi, Savvy
Standard website traffic analysis	Google Analytics
Provision of the Service	MasterDC, Savvy, MxToolBox, OpenAI, EmailOnAcid, Sendtric, Smartlook, Noosa Labs, Mailocator
Payment and accounting	Gopay
Communication with customer support, handling enquiries	Google, SupportBox
Marketing	LinkedIn, Facebook, X, Instagram, YouTube
Social networks	LinkedIn, Facebook, X, Instagram, YouTube
Webinars, training sessions, and face-to-face meetings	Google
Job seekers	StartupJobs, Google, LinkedIn

What about the use of personal data at OpenAI? Since we will also use OpenAI, which operates generative artificial intelligence tools (e.g. ChatGPT or Dall-E), to provide the Service, we will request your consent to this in your User Account.

What if we need to disclose Personal Data? We may disclose Personal Data to third parties other than the Processors mentioned above if required by law or in response to lawful requests from public authorities or courts in legal proceedings.

WHAT MEASURES HAVE WE TAKEN TO PROTECT YOUR PERSONAL DATA?

Our customers can influence the scope of processing within the provision of the Service by their own settings in their User Account.

What technical measures do we use? Security is very important to us, which is why we work continuously to protect your personal data. When choosing measures, we take into account the scope of processing, the riskiness of processing, and the state of our technology.

We use unique and strong passwords for access to each service individually;
We back up data regularly;
We update antivirus software systems;
We encrypt data using SSL (secure sockets layer) for all data transfers;
We use the secure https protocol;
Our data on servers is encrypted;
We develop technology with privacy by design in mind;
Access passwords to information systems (where Personal Data will be processed) and access authorisations are controlled at the individual level;
Our tool is regularly tested by a specialised security company, including using penetration testing.

What organisational measures do we use? We have adopted and are committed to complying with the following measures:

Our employees and associates are bound by confidentiality;
Our employees and associates are properly trained in GDPR and familiarised with the rules of safe working on work equipment;
Our employees follow internal guidelines governing organisational measures for personal data protection.
Organisational measures are in place at the workplace to ensure the physical safety of employees and other persons at the workplace;
When storing API keys, we remove authorisation data;
Access to all systems, including the information system, is personalised and protected by secure passwords; employees are required to have encrypted data on their hard drives.
We store passwords in a separate location (Safe Store) in the operating environment, where logs are recorded so that we can control employees' access to individual Users' Personal Data.

International provision of services

If we use Processors based abroad, we ensure that we comply with the requirements of the relevant legislation. In particular, when transferring data from the EEA to other countries, we ensure a high standard of Personal Data protection through standard contractual clauses approved by the European Commission or equivalent standard contractual clauses for the United Kingdom, for transfers to countries that are not subject to an adequacy decision by the European Commission or your local legislator.

We comply with GDPR standards and the protection of personal data is very important to us. We also provide our Services outside the EEA market, so your rights relating to the protection of personal data depend on the relevant legislation that applies to you.

California Consumer Privacy Act

If you are a resident of California, you are subject to the CCPA and have the right to information about how we handle your data.

What data do we process? In order to provide you with our Service, we need your data. The type of personal data and the purpose for which we process it are specified above. We may store this personal data for as long as necessary for the purposes for which it was collected, and only for the necessary period of time. This depends on our business, legal and regulatory needs, but it is always a reasonable period of time.

What are your rights? The CCPA guarantees you the following rights:

Right to information	You have the right to request information about what personal data we collect, use, disclose, share and sell about you, where we obtained it and for what purpose we process it.
Right to erasure	You have the right to request that we delete your Personal Data and to request that our Processors do the same. We will delete your data unless we have a legal obligation to retain it or one of the other exceptions applies.
Right to refuse sale or sharing	You have the right to refuse to allow us, as a company, to sell your data. Given that we share personal data with our Processors, this operation may be considered a “sale of personal data” under the CCPA.
Right to rectification	You have the right to request the correction of inaccurate personal data. You can correct some data in your user profile.
Right to restrict the use and disclosure of sensitive personal data	You may request that we use your sensitive data (birth number, bank account information, etc.) solely for the purpose of providing services.
Prohibition of discrimination	You have the right not to be discriminated against as a result of exercising your rights.

How can you exercise your rights? You can exercise your rights by emailing dpo@emailmachine.cz or by post to our registered office address.

In order to process your request, we may require verification of your identity, depending on the nature of the right you are exercising. If a representative is exercising your rights on your behalf, we will need to verify their authority to act on your behalf. We will also require your representative to identify themselves. We take these steps to ensure the highest standard of protection for your Personal Data.

CAN-SPAM Act

The CAN-SPAM Act applies in the United States and regulates the conditions for direct marketing, particularly with regard to marketing via electronic mail (e-mail). As we focus on providing email marketing services, it is important to us that the rules and values enshrined in the CAN-SPAM Act are incorporated into our practices. For this reason, we adhere to the basic principles of the CAN-SPAM Act, which are as follows.

We do not use misleading identification information	When using our tool, we do not use misleading identification information that would cause the recipient of email marketing to doubt who the information in the email is sent from.
We do not promote services, goods, and similar items of persons who use misleading information.	We do not send advertising emails and do not allow the use of our services by persons who, in violation of the CAN-SPAM Act, use misleading information or otherwise violate the transparency and identification requirements set forth in the CAN-SPAM Act.
We clearly identify emails as advertising (marketing)	When sending marketing communications via email, we always clearly indicate that the individual emails contain advertising messages. We never send emails with advertising messages in such a way that we attempt to conceal this fact.
We send details about the opt-out option	In our promotional emails, we include information for the recipient on how to opt out of receiving marketing communications by email.
We allow you to opt out of receiving marketing communications by email.	The option to opt out of receiving marketing communications is available to all persons to whom such communications are sent. This also applies to persons who have previously consented to receiving marketing communications by email or to persons who have become subscribers in another way.
We respect opt-out	If the recipient of advertising emails informs us that they no longer wish to receive emails with advertising messages, we will refrain from sending them in the future. We will stop sending them within ten (10) days of receiving the opt-out request at the latest.
We warn against sending advertisements with sexual content.	If we send advertising emails containing sexually oriented content, we always draw attention to this fact. In particular, at the beginning of the email subject line, we include a notice stating “SEXUALLY-EXPLICIT” or similar. Similarly, we indicate on the first visible page of the email that its content is sexually oriented, requiring the recipient to take active steps to view it.

GDPR AND YOUR RIGHTS AND THE POSSIBILITY TO SUBMIT A REQUEST REGARDING THE PROTECTION OF PERSONAL DATA

If you are located in the EEA, you may exercise the following rights under the GDPR.

You may exercise your rights by emailing dpo@emailmachine.cz or by post to our registered office address.

How quickly will we process your request? We will respond to you within one month at the latest. If providing the information would compromise the privacy of other individuals, or if providing it would be disproportionate to the risks or costs involved, we may not be able to comply with your request. In order to process your request as quickly as possible, we may need to verify your identity. In the event of a repeated request, the Controller shall be entitled to charge a reasonable fee for a copy of the Personal Data.

Right of access	We will confirm whether we process your Personal Data. You have the right to information about the purposes of processing, categories of personal data, recipients to whom it is disclosed, and the duration of processing. You have the right to know whether any right has already been exercised. A prerequisite is also that the rights and freedoms of other persons will not be adversely affected, as well as a copy of the Personal Data.
Right to rectification	You have the right to request the correction of inaccurate personal data. You can correct some data in your user profile.
Right to erasure	If there is no other reason to further process this data, we will delete or anonymise the data you have requested.
Right to restriction of processing	Please contact us if you believe that we are processing your data incorrectly, whether in terms of the reasons for processing or its scope.
Right to request rectification, erasure or restriction of processing	If you contact us with a request, we will inform you of the outcome. Sometimes we may not be able to comply (e.g. the email address you used to contact us is no longer valid).
Right to portability	We will provide your Personal Data, which you have provided to us in a structured and machine-readable format, to another controller at your request.
Right to object	If we process your data on the basis of a legitimate interest (e.g. sending newsletters to Users), it is up to us to prove our legitimate interest. If your objection is justified, we will cease processing your Personal Data.
Right to withdraw consent	If you have changed your mind, please let us know. Processing for marketing and commercial purposes can be revoked at any time.
Automated individual decision-making, including profiling	Don’t want decisions about you to be made by a computer? We respect your rights, which is why we do not use automated decision-making or profiling beyond legitimate interests (in particular, we do not profile special categories of personal data). We provide the Service, and your Personal Data may be processed automatically.

CONCLUSION

This Privacy Policy may only be amended in writing. You will be notified of any such amendments via our website or in the Tool. Please check this policy regularly. By continuing to use our Service, you agree to any amendments to this policy.

If you have any questions regarding our personal data processing policy, please contact us at dpo@emailmachine.cz.

If you are dissatisfied, you may submit a suggestion or complaint at any time to:

The Office for Personal Data Protection, with its registered office at Pplk. Sochora 727/27, 170 00 Prague 7 – Holešovice (more at https://www.uoou.cz/), or
The Office for Personal Data Protection of the Slovak Republic, with its registered office at Hraničná 12, 820 07 Bratislava 27, Slovak Republic (more information at https://dataprotection.gov.sk/uoou/), or
The Federal Commissioner for Data Protection and Freedom of Information, based at Graurheindorfer Straße 153, 53117 Bonn (more information at https://www.bfdi.bund.de), or
another data protection authority located in your place of habitual residence.

This Privacy Policy is effective as of 1 December 2025.